<?php

require( 'util.php' );

validate_action_post( array( 'userName', 'password' ) );

//-----------------------------------------

require( 'db.php' );

$userName = mysql_real_escape_string( $_POST['userName'] );
$sql = "SELECT password FROM `user` WHERE name = '$userName'";
$result = mysql_query( $sql ) or die( mysql_error() );

$userInfo = mysql_fetch_array( $result );

if( $userInfo )
{
	if( strcasecmp( $userInfo['password'], $_POST['password'] ) == 0 )
	{
		echo '登陆成功！';
		exit();
	}
	else
	{
		echo '密码错误！';
	}
}
else
{
	echo '用户名不存在！';
}

?>